[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: defining networks/prefix and host wildcards, and IPsec.

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: defining networks/prefix and host wildcards, and IPsec.
From: Carl Ellison <cme@cybercash.com>
Date: Tue, 26 Aug 1997 12:08:03 -0400
Cc: spki@c2.net
In-Reply-To: <199708162252.SAA00684@morden.sandelman.ottawa.on.ca>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 06:52 PM 8/16/97 -0400, Michael Richardson wrote:
>  For networks and prefixes, we could say things like:
>	(subject (name IANA IStar Achilles Sandelman))
>
>  {is IANA or Internic officially the owner for all IP addresses?}
>
>  which would work fine given certs which said something like:
>	(cert (issuer  (hash IANA's key))
>              (subject (hash IStar's key))
>	      (tag (name IStar)))
>	... (this is how one defines SDSI names, right?)


No, that's the older style.  One would use:

  (cert (issuer (name K_IANA istar))
	(subject K_istar)
	(tag (*))
  )

where K_x is a key or a hash.  The hash saves space, especially if you use 
the key multiple times.  The key, instead of a hash, saves some time in the 
verifier.

>  and some certs like:
>	(cert (issuer (name IANA))
>	      (subject (name IANA IStar))
>              (tag (route (* range "binary" #CDE93000#[ipv4] #CDE93FFF#[ipv4]))))

The syntax should be
            (tag (route (* range binary [ipv4] #CDE93000# [ipv4] #CDE93FFF# ) ) )

and the [ipv4] should probably be a more complete MIME type, although I'm 
not a MIME bigot.  I'd be inclined to leave it off, but now that we're facing
a world with multiple IP address lengths, we might need it.

>  [IStar owns 205.233.48.0/20]

The strings you gave are for a wider range of IP addresses.  Where's the typo?


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNAL/YlQXJENzYr45AQH18AQAkM8m4e247HYJeYfjstCIkrWS8VOC9qNT
5JpZasB8+6Osm3iQ0Xy/8zDtEsX5pOyR5MoxkabSAiFRmzRtErPKYFmbsJCJy/wV
HnpxhICcJghO2IMiLAR3uwN22UXXcNvxHdVNiyZikkXa+8o/4U3vk4hxNEsT7fkw
qsKd9X9Axrk=
=YrhK
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

Re: defining networks/prefix and host wildcards, and IPsec.

From: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>

References:

defining networks/prefix and host wildcards, and IPsec.

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: comments on pre-Munich spki draft
Next by Date: Re: K-of-N subjects
Prev by thread: defining networks/prefix and host wildcards, and IPsec.
Next by thread: Re: defining networks/prefix and host wildcards, and IPsec.
Index(es):
- Main
- Thread